I am looking into the vcita variable and will fix that.
Sessions are required for the form logic, the CAPTCHA, and for (vcita when enabled after it is fix).
Every visitor will have a temporary session stored on the options table. The session tokens are very small, it is a server side cookie store. The sessions automatically purge after 30 minutes of inactivity. 9,000+ rows in the options table shouldn’t be an issue, particularly since the table is indexed already. After I fix the vcita variable, this will be about 1/3 less when vcita is off.
Traditional $_SESSION creates a separate file in the filesystem for each and every session. Since this is built in to PHP, it’s not something you can see unless you SSH in to the box and look at the filesystem directly. But that would be 9000 separate files being written and read … The issue here isn’t so much the data that’s being added to the database, it’s that we can actually see the data as it goes in and out of the database. Even with regular sessions, that data was still there, just cluttering up a different part of the machine.
